Internet related News · 2016-03-17

AceDeceiver: 1st iOS Trojan exploiting Apple DRM design flaws to infect any iOS device

A team of Palo Alto Networks researchers says it has discovered a new family of iOS malware that “successfully infected” non-jailbroken devices.

The researchers dubbed the malware ‘AceDeceiver’ and said what set it apart from previous iOS malware was that, instead of abusing enterprise certificates as some iOS malware had over the past two years, it managed to install itself without any enterprise certificate at all. It did so by exploiting design flaws in Apple’s DRM mechanism, and even though Apple had removed AceDeceiver from the App Store, it could still spread thanks to a novel attack vector.

The good news is that right now, it looks as though AceDeceiver only affects users in mainland China. The bigger issue, however, is that AceDeceiver is evidence of another relatively easy way for malware to infect non-jailbroken iOS devices.

A blog post by the Palo Alto team said:

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called “FairPlay Man-In-The-Middle (MITM)” and has been used since 2013 to spread pirated iOS apps, but this is the first time we’ve seen it used to spread malware. (The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully.)

Apple allows users to purchase and download iOS apps from the App Store through the iTunes client running on their computer. They can then use the computer to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from the App Store, then intercept and save the authorization code. They then develop PC software that simulates the iTunes client’s behaviour and tricks iOS devices into believing the app was purchased by the victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge.
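To make the design weakness the post describes concrete, here is a toy model written for this page. It is not code from Palo Alto Networks and it is not Apple’s actual FairPlay protocol; the store signing key, account names, device ids and app id are all constructed placeholders. It contrasts an authorization code that proves only “this app was purchased”, which any device will accept once it has been captured, with a code bound to the purchasing account, the target device and a one-time challenge from that device, so a captured code cannot be reused elsewhere or replayed.

```python
import hashlib
import hmac
import secrets

# Hypothetical store secret for this toy model (constructed; not an Apple value).
STORE_KEY = b"constructed-store-signing-key"


# --- Weak design: the authorization proves only "this app was purchased". ----
def weak_authorize(app_id: str) -> bytes:
    """Store issues a code bound to the app alone. The bytes are identical for
    every device and every purchaser, so whoever captures it can reuse it."""
    return hmac.new(STORE_KEY, b"purchased:" + app_id.encode(), hashlib.sha256).digest()


def weak_device_accepts(app_id: str, code: bytes) -> bool:
    """Device checks only that the code is a valid store signature for the app."""
    return hmac.compare_digest(code, weak_authorize(app_id))


def demo_weak() -> bool:
    """One purchase, one captured code, accepted by a device that never bought it."""
    captured = weak_authorize("com.example.app")  # observed during one real purchase
    return weak_device_accepts("com.example.app", captured)  # True: replayable


# --- Hardened design: bind the code to purchaser, device and a fresh challenge.
def bound_authorize(app_id: str, account: str, device_id: str, nonce: str) -> bytes:
    """Store signs the app together with the purchasing account, the target
    device and that device's one-time challenge."""
    msg = f"purchased:{app_id}|account:{account}|device:{device_id}|nonce:{nonce}"
    return hmac.new(STORE_KEY, msg.encode(), hashlib.sha256).digest()


class Device:
    """Toy device: knows its own id and signed-in account, issues single-use nonces."""

    def __init__(self, device_id: str, account: str):
        self.device_id = device_id
        self.account = account
        self._pending = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def accepts(self, app_id: str, nonce: str, code: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already-consumed challenge: a replay
        self._pending.discard(nonce)  # each challenge is good for exactly one install
        expected = bound_authorize(app_id, self.account, self.device_id, nonce)
        return hmac.compare_digest(code, expected)


def demo_hardened() -> dict:
    """Legitimate install succeeds; a replay and a code issued for another
    account/device are both rejected by the victim's device."""
    victim = Device("device-A", "victim@example.com")
    other = Device("device-B", "other@example.com")
    app = "com.example.app"

    # Legitimate flow: the device challenges, the store answers for that device.
    n1 = victim.challenge()
    legit = victim.accepts(app, n1, bound_authorize(app, victim.account, victim.device_id, n1))

    # Same code presented a second time: the nonce has already been consumed.
    replay = victim.accepts(app, n1, bound_authorize(app, victim.account, victim.device_id, n1))

    # Code issued for a different purchaser and device, presented with a fresh nonce.
    n2 = victim.challenge()
    relayed = victim.accepts(app, n2, bound_authorize(app, other.account, other.device_id, n2))

    return {"legitimate": legit, "replay": replay, "relayed_from_other_account": relayed}
```

The check a defender should take from the model is the one the `Device.accepts` method performs: an installation proof is only as strong as the set of facts it is bound to. A code that is a function of the app id alone is a bearer token and can be harvested once and reused indefinitely; binding it to the purchaser, the installing device and a single-use challenge turns a captured code into useless bytes for anyone else.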
